This is our current recommended procedure for backing up office 365 mailboxes using a single task and single login. It applies from BA365 v1.3 and later (late October 2019 release).
It is possible to create a special “backup user” login in Office 365 and use that to log in for the backup task.
This is preferred because:
- If you use a real user, like email@example.com, BA365 automatically assigns mailbox rights to that user. So when Fred logs onto Outlook, he can see all the mailboxes. (Note: this is needed so BA365 can back up multiple mailboxes.)
- Using a special backup user minimises the possible throttling that may be experienced on heavy usage. In the example above, if O365 throttles on a per-user basis, Fred would experience slower performance while a backup is running.
- The backup user can be assigned a special complex password that never changes. In the example above, if Fred changes his password, the backups will stop working.
- No licence is required for the backup user – therefore it won’t cost anything.
How to set up the backup user account for backing up Office 365 mailboxes
Follow these instructions:
- Create a new user in Office 365, as shown in the screenshot below. You can call the user anything you want, but we recommend something that will be easy to remember.
- Create a password at the time of setting up this user.
- Make sure both checkboxes at the bottom are unchecked. If you require the user to change the password, BA365 will be unable to login.
2. Create the user without a license. This is so you don’t have to pay for an unnecessary license.
3. Set the role to Exchange administrator. To do this, uncheck the “User” checkbox and then check “Exchange administrator”. This role is required to allow the user to back up multiple mailboxes.
4. Confirm the settings as shown
5. In BA365, use that new user in the task setup.
Your username and password are stored securely encrypted on disk. These credentials are never included in any diagnostics file that you send to our technical support department.
Future work – oAuth authentication
We understand that some of you will be enforcing 2FA policies, and may disallow the App Password option.
We have planned an enhancement to BackupAssist 365 to allow you to authenticate via oAuth instead of using username / password authentication.